Add release CI: tag-triggered image publish + GitHub Release#55
Merged
Conversation
Previously, cutting a release was entirely manual (bump version files, edit
overlays, run build_and_push.sh, commit, tag, kubectl apply) — there was no
CI that built or pushed images. This adds .github/workflows/release.yaml:
- Triggers on backend-v* / frontend-v* / v* tags, plus workflow_dispatch.
- plan job resolves service + version and guards that the tag version
matches version.py / package.json before any build runs.
- Builds platform-{api,worker} and/or platform-frontend (amd64) and pushes
to GHCR; cuts a GitHub Release on tag pushes.
Also adds backend/scripts/bump-backend.sh (mirrors bump-frontend.sh; bumps
version.py + pyproject.toml in lockstep, commits, tags backend-vX.Y.Z) and
reconciles the release docs in CLAUDE.md / backend/CLAUDE.md to the
backend-vX.Y.Z scheme, keeping build_and_push.sh as the multi-arch fallback.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds the missing release automation. Until now the repo had only test CI (pytest, lint/typecheck, smoke) — no workflow built or pushed images. Releases were fully manual and error-prone (the in-flight 0.5.0 backend bump was caught half-built, with overlays already pointing at images that didn't exist in the registry).
Changes
.github/workflows/release.yaml— image publish + GitHub Release:backend-v*/frontend-v*/v*tag pushes, plusworkflow_dispatch(service + version inputs).planjob resolves what to build and guards that the tag version matchesversion.py/package.jsonbefore any build runs.backendmatrix builds api + worker;frontendrunsnpm ci && npm run buildthen the runtime image. amd64-only, pushed to GHCR viaGITHUB_TOKEN.releasejob cuts a GitHub Release on tag pushes (dispatch publishes images only).backend/scripts/bump-backend.sh— mirrorsbump-frontend.sh; bumpsversion.py+pyproject.tomlin lockstep, commits, tagsbackend-vX.Y.Z(removes the two-file hand-edit footgun).CLAUDE.mdgains a Release-automation section + tag→build table;backend/CLAUDE.mdDeploy steps rewritten around the tag-triggered flow;build_and_push.shreframed as the local / multi-arch fallback.Tag → build contract
backend-vX.Y.Zbackend-X.Y.Zfrontend-vX.Y.Zfrontend-X.Y.ZvX.Y.Zworkflow_dispatchNotes / decisions
biosim-local) uses thebuild_and_push.shmulti-arch fallback — documented inbackend/CLAUDE.md.kubectl apply); no kubeconfig secrets enter GitHub. RKE is on-prem and unreachable from GitHub runners.Verification
actionlintpasses clean on the new workflow (and existing ones).version.pyrewrite tested on throwaway copies.workflow_dispatchwithservice=backend, version=0.5.0to confirm images land in GHCR before relying on the tag path.🤖 Generated with Claude Code